02 Jan 2018 |Ellen Nakashima and Aaron Gregg | Washington Post via Chicago Tribune
“The National Security Agency is losing its top talent at a worrisome rate as highly skilled personnel, some disillusioned with the spy service’s leadership and an unpopular reorganization, take higher-paying, more flexible jobs in the private sector.
Since 2015, the NSA has lost several hundred hackers, engineers and data scientists, according to current and former U.S. officials with knowledge of the matter. The potential impact on national security is significant, they said.
Headquartered at Fort Meade in Maryland, the NSA employs a civilian workforce of about 21,000 there and is the largest producer of intelligence among the nation’s 17 spy agencies. The people who have left were responsible for collecting and analyzing the intelligence that goes into the president’s daily briefing.
Their work also included monitoring a broad array of subjects including the Islamic State, Russian and North Korean hackers, and analyzing the intentions of foreign governments, and they were responsible for protecting the classified networks that carry such sensitive information.
“Some synonym of the word ‘epidemic’ is the best way to describe it,” said Ellison Anne Williams, a former senior researcher at the NSA who left in 2016 to start her own data-security firm, Enveil. More than 10 of her employees also came from the NSA, she said. “The agency is losing an amazing amount of its strongest technical talent, and to lose your best and brightest staff is a huge hit.”
The NSA would not disclose how many job vacancies it has. Agency officials said there is a 5.6 percent attrition rate among personnel who specialize in science, technology and math. The attrition rate is closer to 8 or 9 percent among hackers and those who staff the agency’s always-operating watch center monitoring for cyber attacks, a trend that has spanned the Obama and Trump administrations.
Although the departure rates are low, compared with attrition levels in the civilian technology industry, and although the agency is filling its vacancies, most new personnel lack the experience of those who have left, said one senior intelligence official, who like others spoke on the condition of anonymity to offer candid insights about the secretive organization. That experience deficit can impede the NSA’s core mission of collecting and analyzing the masses of data the agency lifts from foreign networks.
Some groups within the NSA have lost almost half of their staffs, one former official said. As a result, projects to make intelligence collection more effective have been cut or slowed.
It is a turbulent moment in the NSA’s 65-year history. The agency continues to face public distrust after revelations, made by former contractor Edward Snowden in 2013, about the scope of its surveillance of American citizens. Morale dipped in the aftermath of those disclosures and has not fully recovered. More recently, the workforce was rattled by a series of breaches targeting the agency’s highly sensitive hacking tools.
Another source of frustration is an ongoing reorganization that has merged the NSA’s highly secret electronic spying mission with its more public network-defense operation, along with other changes. NSA Director Michael S. Rogers, a Navy admiral who also oversees the military’s Cyber Command, launched NSA 21 to break down what he called the “walls of granite” among divisions whose missions, he believed, complement one another.
Former employees have voiced a variety of complaints. Some say they feel their missions have been marginalized by the restructuring. One called the reorganization “an enormous distraction” and lamented what he characterized as an inefficient procurement process that made it difficult to obtain even simple open-source developer tools. Another faulted the agency’s pay structure and promotion system, saying it favors seniority over skill and competence.
A series of breaches beginning with Snowden and including the arrest of former contractor Harold T. Martin III in 2016 have led to new security precautions. Such restrictions on accessing data have made work more difficult, and the internal hunt for would-be leakers has contributed to an environment of suspicion, said a number of current and former employees.
“It comes down to death by a thousand cuts,” said a former employee, adding that people “tend to quit in packs. One person hits their breaking point, and once they leave, the dominoes start falling.”
The brain drain has been so pronounced that at one gathering in 2016 of the agency’s elite hacking division, one individual raised the concern with Rogers directly. According to several people familiar with the exchange, Rogers disputed that there was any increase in attrition and told his employees that they should stop complaining and get back to work.
An NSA spokesman, Tommy Groves, did not challenge the account, saying that employees’ concerns about high attrition rates have led to changes, including increased pay, increased promotions and greater opportunities to work at all NSA sites.
Rogers did not respond to a request for comment. More recently, though, he has made it a point in public to thank the agency’s workforce and acknowledge the “cultural challenge” its employees face. At a national security conference in September, for instance, he said that dealing with “the great men and women of the organization” is “the best part of the day for me.”
He added: “If the price of security becomes that we drive away the very men and women that generate value in the first place, we now have a self-induced mission kill.”
Rogers has told colleagues he plans to retire in the spring, ending a four-year tenure that has been rocky at times. At one point in 2016, the defense secretary and director of national intelligence wanted him removed over various leadership concerns. Rogers survived the episode, and with Trump’s national security team still settling in, he was seen as an element of continuity at the agency.
It is not clear whom President Donald Trump will nominate to succeed him, but whoever steps into the role will face a variety of challenges.
“NSA is at this moment experiencing stress that is constant and unrelenting,” one former senior intelligence official said. He said the agency has weathered other high-anxiety periods “because there was cohesion in the workforce and a leader who could nurture them through it, if not inspire them. But this director hasn’t chosen to do that.”
Skilled personnel have always left the NSA, in particular to work for defense contractors that support its work, said Deputy Director George Barnes, who has been at the agency for 31 years. “The big change these days is there’s a supply-demand imbalance between the outside and the inside,” he told The Washington Post.
Barnes defended Rogers’ leadership and his handling of the reorganization. Rogers, he said, “is totally focused on ‘What’s the culture? How do we understand what causes stress?’ It’s the antithesis of the negative vibe” about which some employees complained.
Barnes also noted the allure of Silicon Valley and other cities that tech start-ups call home. The U.S. private sector is struggling to fill more than 270,000 jobs in cybersecurity, according to Burning Glass Technologies, a labor analytics firm. Total compensation for those jobs can reach $200,000 or more, meaning even relatively junior cyber professionals in the industry can make more than top officials at the NSA.
Some senior officials say that the outflow in part reflects a cultural shift in which millennials are not inclined to stay in one workplace for an entire career. And it also stems from a disproportionate number of retirements of people who entered the agency in the 1980s during a hiring boom.
Other former NSA personnel who have left or retired recently expressed confidence that the NSA would weather the storm.
“Yes, people will leave, but there are things you can do there that you can’t do anywhere else. It’s for God and country,” said Daniel Ennis, who oversaw the agency’s threat operations center before retiring in 2015 after 33 years. He now leads advanced cyberthreat intelligence for BlueteamGlobal, a private cybersecurity firm.
“NSA always recovers,” Ennis said.